<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <title>CruiseControl.NET : External File Server Security</title>
	    <link rel="stylesheet" href="styles/site.css" type="text/css" />
        <META http-equiv="Content-Type" content="text/html; charset=UTF-8">	    
    </head>

    <body>
	    <table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#ffffff">
		    <tr>
			    <td valign="top" class="pagebody">
				    <div class="pageheader">
					    <span class="pagetitle">
                            CruiseControl.NET : External File Server Security
                                                    </span>
				    </div>
				    <div class="pagesubheading">
					    This page last changed on Jun 27, 2009 by <font color="#0050B2">csut017</font>.
				    </div>

				    <h3><a name="ExternalFileServerSecurity-ExternalFileServerSecurity"></a>External File Server Security</h3>

<p>This defines the security settings in external XML files. The external files use the same format as the internal server security configuration (e.g. &lt;users&gt; and &lt;permissions&gt; elements).</p>

<h4><a name="ExternalFileServerSecurity-Version"></a>Version</h4>

<p>This security item is available from version 1.5.0.</p>

<h4><a name="ExternalFileServerSecurity-Examples"></a>Examples</h4>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml"><span class="code-tag">&lt;externalFileSecurity&gt;</span>
  <span class="code-tag">&lt;cache type=<span class="code-quote">"inMemoryCache"</span> duration=<span class="code-quote">"10"</span> mode=<span class="code-quote">"sliding"</span>/&gt;</span>
  <span class="code-tag">&lt;files&gt;</span>
    <span class="code-tag">&lt;file&gt;</span>users.xml<span class="code-tag">&lt;/file&gt;</span>
    <span class="code-tag">&lt;file&gt;</span>permissions.xml<span class="code-tag">&lt;/file&gt;</span>
  <span class="code-tag">&lt;/files&gt;</span>
<span class="code-tag">&lt;/externalFileSecurity&gt;</span></pre>
</div></div>

<h4><a name="ExternalFileServerSecurity-ConfigurationElements"></a>Configuration Elements</h4>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Node </th>
<th class='confluenceTh'> Description </th>
<th class='confluenceTh'> Type </th>
<th class='confluenceTh'> Required </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Version </th>
</tr>
<tr>
<td class='confluenceTd'> cache </td>
<td class='confluenceTd'> The type of caching to use. </td>
<td class='confluenceTd'> Single <a href="Security Caches.html" title="Security Caches">Security Cache</a> </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> inMemoryCache </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> audit </td>
<td class='confluenceTd'> The audit loggers to use. </td>
<td class='confluenceTd'> Array of <a href="Security Audit Loggers.html" title="Security Audit Loggers">Security Audit Loggers</a> </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> <em>None</em> </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> auditReader </td>
<td class='confluenceTd'> The audit reader to use. </td>
<td class='confluenceTd'> Single <a href="Security Audit Readers.html" title="Security Audit Readers">Security Audit Reader</a> </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> _None </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> defaults </td>
<td class='confluenceTd'> The default permissions to apply if no other permissions have been found </td>
<td class='confluenceTd'> Security Permissions (see below) </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> <em>None</em> </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> files </td>
<td class='confluenceTd'> The external files that contain the security settings. </td>
<td class='confluenceTd'> String array (file name) </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> <em>n/a</em> </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
</tbody></table>

<h4><a name="ExternalFileServerSecurity-GeneralSecurityPermissions"></a>General Security Permissions</h4>

<p>The following are the general security permissions:</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Element </th>
<th class='confluenceTh'> Description </th>
<th class='confluenceTh'> Type </th>
<th class='confluenceTh'> Required </th>
<th class='confluenceTh'> Version </th>
</tr>
<tr>
<td class='confluenceTd'> defaultRight </td>
<td class='confluenceTd'> This is the permission that will be used if no other permission has been specified. See notes below for how this works. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> forceBuild </td>
<td class='confluenceTd'> The force/abort build permission. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> sendMessage </td>
<td class='confluenceTd'> The send message permission. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> startProject </td>
<td class='confluenceTd'> The start/stop project permission. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> changeProject </td>
<td class='confluenceTd'> The permission to change a project, e.g. add/modify/delete. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> viewSecurity </td>
<td class='confluenceTd'> The permission to view security information. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> modifySecurity </td>
<td class='confluenceTd'> The permission to modify security settings (via a client). </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> viewProject </td>
<td class='confluenceTd'> The view project permission. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
<tr>
<td class='confluenceTd'> viewConfiguration </td>
<td class='confluenceTd'> The permission to view configuration information. </td>
<td class='confluenceTd'> Permission </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 1.5.0 </td>
</tr>
</tbody></table>

<h4><a name="ExternalFileServerSecurity-Permission"></a>Permission</h4>

<p>Each permission can be one of the following values:</p>
<ul>
	<li>Allow: the permission has been granted</li>
	<li>Deny: the permission has been disallowed</li>
	<li>Inherit: The next level of permissions will be checked to see if it is allowed or denied. If the permission has not been set at any other level, then the default permission will be returned.</li>
</ul>


<p>The default permission for an omitted permission attribute is "Inherit".</p>

<h4><a name="ExternalFileServerSecurity-PermissionInheritance"></a>Permission Inheritance</h4>

<p>Permissions can be set in multiple places, at both server and project level. When checking for a permission, the security manager will start at the project level and check each permission definition to see if it is valid for the user. </p>

<p>When a valid permission is found, it will then see if the specific permission has been set (i.e. not inherit). The specific permission is decided by the action, e.g force or abort build, start or stop a project, etc. If the specific permission is not set, then it will check the default permission. If neither is set, then it will continue on through the permissions until it finds another valid permission. This will continue until all the permissions have been checked, or a permission has been found (e.g. allow or deny).</p>

<p>If no permissions are found at the project level, it will then use the permissions defined at the server level. Again, it will first check for a specific permission, and then the default permission. If no permissions has been found after this, then it will return denied as the permission.</p>

				    
                    			    </td>
		    </tr>
	    </table>
	    <table border="0" cellpadding="0" cellspacing="0" width="100%">
			<tr>
				<td height="12" background="http://confluence.public.thoughtworks.org//images/border/border_bottom.gif"><img src="images/border/spacer.gif" width="1" height="1" border="0"/></td>
			</tr>
		    <tr>
			    <td align="center"><font color="grey">Document generated by Confluence on Sep 29, 2009 20:59</font></td>
		    </tr>
	    </table>
    </body>
</html>